Documentation ¶
Index ¶
- Constants
- type AllowList
- func (a *AllowList) CommitAllowed(commit string) bool
- func (a *AllowList) FileAllowed(fileName string) bool
- func (a *AllowList) IgnoreDotGit() error
- func (a *AllowList) PathAllowed(filePath string) bool
- func (a *AllowList) RegexAllowed(content string) bool
- func (a *AllowList) RepoAllowed(repo string) bool
- type Config
- type Entropy
- type Offender
- type Rule
- func (r *Rule) CheckEntropy(groups []string) (bool, float64)
- func (r *Rule) CommitAllowed(commit string) bool
- func (r *Rule) HasFileLeak(fileName string) bool
- func (r *Rule) HasFileOrPathLeakOnly(filePath string) bool
- func (r *Rule) HasFilePathLeak(filePath string) bool
- func (r *Rule) Inspect(line string) *Offender
- func (r *Rule) InspectFile(fileLines string) []Offender
- func (r *Rule) RegexAllowed(content string) bool
- type TomlAllowList
- type TomlLoader
Constants ¶
const DefaultConfig = `` /* 5292-byte string literal not displayed */
DefaultConfig is the default gitleaks configuration. If --config={path-to-config} is set, then the config located at {path-to-config} will be used. Alternatively, if --repo-config is set, then gitleaks will attempt to use the config set in a gitleaks.toml or .gitleaks.toml file in the repo being scanned.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AllowList ¶
type AllowList struct {
    Description string
    Regexes     []*regexp.Regexp
    Commits     []string
    Files       []*regexp.Regexp
    Paths       []*regexp.Regexp
    Repos       []*regexp.Regexp
}
AllowList is a struct containing items that, if encountered, will allowlist a commit or line of code that would otherwise be considered a leak.
func (*AllowList) CommitAllowed ¶
CommitAllowed checks if a commit is allowlisted
func (*AllowList) FileAllowed ¶
FileAllowed checks if a file is allowlisted
func (*AllowList) IgnoreDotGit ¶
IgnoreDotGit appends a `\.git` rule to ignore all .git paths. This is used for --no-git scans.
func (*AllowList) PathAllowed ¶
PathAllowed checks if a path is allowlisted
func (*AllowList) RegexAllowed ¶
RegexAllowed checks if the content matches an allowlisted regex
func (*AllowList) RepoAllowed ¶
RepoAllowed checks if a repo is allowlisted
type Config ¶
Config is a composite struct of Rules and Allowlists. Each Rule contains a description, regular expression, tags, and allowlists if available.
func LoadAdditionalConfig ¶
LoadAdditionalConfig accepts a path to a gitleaks config and returns a Config struct
func LoadRepoConfig ¶
LoadRepoConfig accepts a repo and config path related to the target repo's root.
func NewConfig ¶
NewConfig will create a new Config struct which contains rules on how gitleaks will proceed with its scan. If no options are passed via the CLI, then NewConfig will return a default config, which can be seen in config.go.
func (*Config) AppendConfig ¶
AppendConfig accepts a Config struct and appends its fields to this Config struct's fields
type Offender ¶
Offender is a struct that contains the information matched when searching content and information on why it matched (i.e. the EntropyLevel)
type Rule ¶
type Rule struct {
    Description string
    Regex       *regexp.Regexp
    File        *regexp.Regexp
    Path        *regexp.Regexp
    ReportGroup int
    Multiline   bool
    Tags        []string
    AllowList   AllowList
    Entropies   []Entropy
}
Rule is a struct that contains information loaded from a gitleaks config. This struct is used in the Config struct as an array of Rules and is iterated over during a scan. Each rule will be checked. If a regex match is found AND that match is not allowlisted (globally or locally), then a leak will be appended to the final scan report.
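The decision described above (regex match AND not allowlisted, locally or globally), as an added example that is not gitleaks' own code. The allowList and rule types, the inspect helper, the sample regexes and the sample key strings are all constructed for illustration and only mirror a subset of the fields documented on this page.

```go
package main

import (
	"fmt"
	"regexp"
)

// allowList and rule are simplified stand-ins for AllowList and Rule (not gitleaks code).
type allowList struct{ Regexes, Paths []*regexp.Regexp }

type rule struct {
	Regex     *regexp.Regexp
	AllowList allowList
}

func matchesAny(res []*regexp.Regexp, s string) bool {
	for _, re := range res {
		if re.MatchString(s) {
			return true
		}
	}
	return false
}

// inspect returns the matched text, or "" when the line is clean or the
// match is suppressed by the rule-local or the global allowlist.
func inspect(r rule, global allowList, path, line string) string {
	m := r.Regex.FindString(line)
	if m == "" {
		return ""
	}
	for _, al := range []allowList{r.AllowList, global} {
		if matchesAny(al.Paths, path) || matchesAny(al.Regexes, line) {
			return ""
		}
	}
	return m
}

// Constructed sample rule (local allowlist) and global allowlist.
var awsRule = rule{
	Regex:     regexp.MustCompile(`AKIA[0-9A-Z]{16}`),
	AllowList: allowList{Regexes: []*regexp.Regexp{regexp.MustCompile(`AKIAIOSFODNN7EXAMPLE`)}},
}
var globalAllow = allowList{Paths: []*regexp.Regexp{regexp.MustCompile(`(^|/)testdata/`)}}

func main() {
	fmt.Println(inspect(awsRule, globalAllow, "app/config.go", `key = "AKIAABCDEFGHIJKLMNOP"`))
}
```

Keep allowlist patterns as narrow as the rule allows: a broad path or regex entry suppresses every match it covers, including real secrets.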
func (*Rule) CheckEntropy ¶
CheckEntropy checks if there is an entropy leak
func (*Rule) CommitAllowed ¶
CommitAllowed checks if a commit is allowlisted
func (*Rule) HasFileLeak ¶
HasFileLeak checks if there is a file leak
func (*Rule) HasFileOrPathLeakOnly ¶
HasFileOrPathLeakOnly first checks if there are no entropy/regex rules, then checks if there are any file/path leaks
func (*Rule) HasFilePathLeak ¶
HasFilePathLeak checks if there is a path leak
func (*Rule) InspectFile ¶
func (*Rule) RegexAllowed ¶
RegexAllowed checks if the content is allowlisted
type TomlAllowList ¶
type TomlAllowList struct {
    Description string
    Regexes     []string
    Commits     []string
    Files       []string
    Paths       []string
    Repos       []string
}
TomlAllowList is a struct used in the TomlLoader that loads in allowlists, either from specific rules or globally from the top-level config
type TomlLoader ¶
type TomlLoader struct {
    AllowList TomlAllowList
    Rules     []struct {
        Description string
        Regex       string
        File        string
        Path        string
        ReportGroup int
        Multiline   bool
        Tags        []string
        Entropies   []struct {
            Min   string
            Max   string
            Group string
        }
        AllowList TomlAllowList
    }
}
TomlLoader gets loaded with the values from a gitleaks TOML config; see the config in config/defaults.go for an example. TomlLoader is used to generate Config values (compiling regexes, etc.).
func (TomlLoader) Parse ¶
func (tomlLoader TomlLoader) Parse() (Config, error)
Parse will parse the values set in a TomlLoader and use those values to create compiled regular expressions and rules used in scans